DoctorMac

Cooey Center of Excellence panel at New England NDIA.

Jacob Horne - Moderator Chief Security Evangelist, Summit 7

Joanne Chabot Director of Supply Chain Compliance, Training and Oversight, General Dynamics Mission Systems

MJ Thomas Director of Security, General Dynamics Bath Iron Works

Allison Giddens, Win-Tech

Jacob Horne's first question, "Would you say cybersecurity is your biggest risk?"

Joanne Chabot, "Cybersecurity is not just the number one risk, but it keeps our CEO up all night."

MJ Thomas, "It is a vector. There are multiple vectors. It is important."

Allison Giddens, "Depends on the day. Today sure but this morning I was facing a dunnage shortage and can't make parts."

Michael Gaudet, "From a security perspective no. From a human perspective level, yes."

Jacob Horne, "CEOs say they will stay up all night but when we talk to contractors the concern doesn't make it to the conversation"

Allison Giddens, "Yes as a given. I have 220 jobs on the floor on many times with often as many buyers. The agreements are often hundreds of pages long and you may find a 7012 or 7019 clause. Can I expect my buyers to know?"

Horne, "Can we get the need for cybersecurity to the purchase level?"

Giddens, "When a supplier or customer brings up cyber they are also getting beaten by five other demands such as getting the bid in."

Joanne Chabot, "We have started an annual training for a buyer. We require our suppliers to do a 7012 compliant."

Horne, "The Primes are stuck between the DoD who doesn't communicate well and subs who expect the Primes or Gov to cover the cost."

MJ Thomas, "When I read the contracts security isn't in the contract. The gov is too afraid to put it in due to lack of compliance in supply chain."

Horne, "Most DIB contractors do not have DoD as a customer. When they say 'allowable' cost that doesn't make it to small businesses. The 'allowable' cost conversation is different with prime and sub versus the government."

Allison Giddens notes, "What about the cost of the assessments? I heard at CS2 we are looking at six figures. I had a heart attack."

Horne brings up, "Stacy just said May of 2023. That is less than a year. Did you budget for a 100k in the next eleven months?"

Horne brings up the issue of flowdown. MJ notes it might not be the only way but right now it is the only way.

Giddens, "We heard about the wiz bang being three. I might just make a bolt...but the entire print came with me and different processor approved list is short."

Giddens must flow the burden of flowing down the contract requirements to only suppliers approved by the prime.

General Dynamics is using a cut score of 90. If you are below that they ask to see your POAM to understand the risk.

Project Spectrum is given as a resource that will not get you to where you need to go.

Horne shares, "Two companies have a 105. Which didn't turn on a MFA"

Thumbs down guy said, "I would not use Project Spectrum to onboard a new employee. It won't help with implementation."

"I am not into lending the government money," retorts an audience member. "For 1 million to 20 million we are talking double digit investments to possibly get reimbursed on award you do not have."

CMMC is a negative auction as we try to guess the average SPRS score

Michael Gaudet, Director of IT, kSARIA Corporation, "I read this as check the box. I hope it is good. I am a one man shop. I have nobody to bounce ideas off of."

Question from remote audience, "What do you do when scoping a system when no CUI is marked correctly?"

General Dynamics...we are dealing with this every day too.

Horne says, "Push back"

MJ says, "We push back. We are always told it is CUI."

Giddens, "Overscope"
